Merge branch 'patriksimek:master' into pathContext
blakebyrnes authored May 13, 2023
2 parents e085219 + 4f63dc2 commit 7d16a56
Showing 4 changed files with 44 additions and 27 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,7 @@
v3.9.17 (2023-04-17)
--------------------
[fix] Multiple security fixes.

v3.9.16 (2023-04-11)
--------------------
[fix] Security fix (see https://github.com/patriksimek/vm2/issues/516).
39 changes: 26 additions & 13 deletions lib/setup-sandbox.js
Expand Up @@ -439,23 +439,36 @@ global.eval = new LocalProxy(localEval, EvalHandler);
* Promise sanitization
*/

if (localPromise && !allowAsync) {
if (localPromise) {

const PromisePrototype = localPromise.prototype;

overrideWithProxy(PromisePrototype, 'then', PromisePrototype.then, AsyncErrorHandler);
// This seems not to work, and will produce
// UnhandledPromiseRejectionWarning: TypeError: Method Promise.prototype.then called on incompatible receiver [object Object].
// This is likely caused since the host.Promise.prototype.then cannot use the VM Proxy object.
// Contextify.connect(host.Promise.prototype.then, Promise.prototype.then);
if (!allowAsync) {

overrideWithProxy(PromisePrototype, 'then', PromisePrototype.then, AsyncErrorHandler);
// This seems not to work, and will produce
// UnhandledPromiseRejectionWarning: TypeError: Method Promise.prototype.then called on incompatible receiver [object Object].
// This is likely caused since the host.Promise.prototype.then cannot use the VM Proxy object.
// Contextify.connect(host.Promise.prototype.then, Promise.prototype.then);

} else {

overrideWithProxy(PromisePrototype, 'then', PromisePrototype.then, {
__proto__: null,
apply(target, thiz, args) {
if (args.length > 1) {
const onRejected = args[1];
if (typeof onRejected === 'function') {
args[1] = function wrapper(error) {
error = ensureThis(error);
return localReflectApply(onRejected, this, [error]);
};
}
}
return localReflectApply(target, thiz, args);
}
});

if (PromisePrototype.finally) {
overrideWithProxy(PromisePrototype, 'finally', PromisePrototype.finally, AsyncErrorHandler);
// Contextify.connect(host.Promise.prototype.finally, Promise.prototype.finally);
}
if (Promise.prototype.catch) {
overrideWithProxy(PromisePrototype, 'catch', PromisePrototype.catch, AsyncErrorHandler);
// Contextify.connect(host.Promise.prototype.catch, Promise.prototype.catch);
}

}
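Review bot: The handler in the `else` branch (the `allowAsync` case) wraps only the second argument of `then`, and nothing in the section says why or what the wrapper is relied on to cover. From the visible lines, a rejection value is passed through `ensureThis` only when the handler is given to `then` directly; `catch` is presumably covered because it calls through the `then` property, and the fulfilment callback `args[0]` is forwarded unwrapped, which should be stated as intended if it is. I would add a comment above the handler such as `// allowAsync: every rejection value goes through ensureThis before sandbox code sees it; catch() reaches this via then()`, plus a regression test asserting that a rejection handled through `catch` and through a two-argument `then` both receive a sanitized error. The rendered page has lost its +/- markers, so whether the `finally`/`catch` overrides at the end of the section remain in the new code cannot be confirmed from here.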
26 changes: 13 additions & 13 deletions lib/transformer.js
Expand Up @@ -113,30 +113,30 @@ function transformer(args, body, isAsync, isGenerator, filename) {
if (nodeType === 'CatchClause') {
const param = node.param;
if (param) {
if (param.type === 'ObjectPattern') {
if (param.type === 'Identifier') {
const name = assertType(param, 'Identifier').name;
const cBody = assertType(node.body, 'BlockStatement');
if (cBody.body.length > 0) {
insertions.push({
__proto__: null,
pos: cBody.body[0].start,
order: TO_LEFT,
coder: () => `${name}=${INTERNAL_STATE_NAME}.handleException(${name});`
});
}
} else {
insertions.push({
__proto__: null,
pos: node.start,
order: TO_RIGHT,
coder: () => `catch(${tmpname}){try{throw(${tmpname}=${INTERNAL_STATE_NAME}.handleException(${tmpname}));}`
coder: () => `catch(${tmpname}){${tmpname}=${INTERNAL_STATE_NAME}.handleException(${tmpname});try{throw ${tmpname};}`
});
insertions.push({
__proto__: null,
pos: node.body.end,
order: TO_LEFT,
coder: () => `}`
});
} else {
const name = assertType(param, 'Identifier').name;
const cBody = assertType(node.body, 'BlockStatement');
if (cBody.body.length > 0) {
insertions.push({
__proto__: null,
pos: cBody.body[0].start,
order: TO_LEFT,
coder: () => `${name}=${INTERNAL_STATE_NAME}.handleException(${name});`
});
}
}
}
} else if (nodeType === 'WithStatement') {
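Review bot: In the fallback (non-`Identifier`) branch the generated string now runs `handleException` before the inner `try` rather than inside its `throw` expression, and nothing in the section records why that ordering matters. Presumably the intent is that an error raised during sanitisation can no longer be caught by the sandbox's own catch pattern, and that any pattern type other than a plain identifier now takes this path; a comment such as `// sanitise before entering the inner try so a failure here never reaches the user's catch pattern` would keep a later refactor from undoing it. As a style point, `assertType(param, 'Identifier')` directly after the `param.type === 'Identifier'` test is redundant and could be `param.name`. The page has lost its +/- markers, so the old/new reading here is inferred from the 13/13 counts, and `transformer` itself begins and ends outside the section.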
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -13,7 +13,7 @@
"alcatraz",
"contextify"
],
"version": "3.9.16",
"version": "3.9.17",
"main": "index.js",
"sideEffects": false,
"repository": "github:patriksimek/vm2",
